#UAC0057 sets eyes on Ukraine exploiting #WinRAR #zeroday #vulnerability (СVE-2023-38831) to spread #PicassoLoader and #CobaltStrike Beacon, as #CERTUA reports. Proactively detect #cyberattacks with #SigmaRules from SOC Prime Platform.
https://socprime.com/blog/cve-2023-38831-detection-uac-0057-group-exploits-a-winrar-zero-day-to-spread-a-picassoloader-variant-and-cobaltstrike-beacon-via-rabbit-algorithm/ #CVE #malware
Detect CVE-2023-38831 exploitation attempts in attacks by UAC-0057 spreading PicassoLoader & CobaltStrike Beacon with Sigma rules from SOC Prime Platform.
#CERTUA notifies cyber defenders of new attacks against Ukraine by #UAC0057 aka #GhostWriter spreading #PicassoLoader and #CobaltStrike Beacon to target the country's national military education institution. Detect associated malicious activity with a set of curated #Sigma rules in the SOC Prime Platform.
https://socprime.com/blog/shuckworm-espionage-group-attack-detection-russia-backed-threat-actors-repeatedly-attack-ukrainian-military-security-and-government-organizations/
#DFIR #APT #threathunting #threatdetection #BlueTeam #GreenTeam #cyberdefense
securityaffairs
SOC Prime